lsh-framework 0.7.0 → 0.8.1

package/README.md

@@ -126,7 +126,7 @@ lsh lib secrets pull --env prod     # for production debugging
 | `lsh lib secrets create` | Create new .env file |
 | `lsh lib secrets delete` | Delete .env file (with confirmation) |
 
-See the complete guide: [SECRETS_GUIDE.md](SECRETS_GUIDE.md)
+See the complete guide: [SECRETS_GUIDE.md](docs/features/secrets/SECRETS_GUIDE.md)
 
 ## Installation
 
@@ -536,10 +536,10 @@ lsh lib daemon start
 
 ## Documentation
 
-- **[SECRETS_GUIDE.md](SECRETS_GUIDE.md)** - Complete secrets management guide
-- **[SECRETS_QUICK_REFERENCE.md](SECRETS_QUICK_REFERENCE.md)** - Quick reference for daily use
+- **[SECRETS_GUIDE.md](docs/features/secrets/SECRETS_GUIDE.md)** - Complete secrets management guide
+- **[SECRETS_QUICK_REFERENCE.md](docs/features/secrets/SECRETS_QUICK_REFERENCE.md)** - Quick reference for daily use
 - **[SECRETS_CHEATSHEET.txt](SECRETS_CHEATSHEET.txt)** - Command cheatsheet
-- **[INSTALL.md](INSTALL.md)** - Detailed installation instructions
+- **[INSTALL.md](docs/deployment/INSTALL.md)** - Detailed installation instructions
 - **[CLAUDE.md](CLAUDE.md)** - Developer guide for contributors
 
 ## Architecture

package/dist/cli.js

@@ -72,13 +72,13 @@ program
             console.log('LSH - Encrypted Secrets Manager with Automatic Rotation');
             console.log('');
             console.log('🔐 Secrets Management (Primary Features):');
-            console.log('  lib secrets sync        Check sync status & get recommendations');
-            console.log('  lib secrets push        Upload .env to encrypted cloud storage');
-            console.log('  lib secrets pull        Download .env from cloud storage');
-            console.log('  lib secrets list        List all stored environments');
-            console.log('  lib secrets show        View secrets (masked)');
-            console.log('  lib secrets key         Generate encryption key');
-            console.log('  lib secrets create      Create new .env file');
+            console.log('  secrets sync            Check sync status & get recommendations');
+            console.log('  secrets push            Upload .env to encrypted cloud storage');
+            console.log('  secrets pull            Download .env from cloud storage');
+            console.log('  secrets list            List all stored environments');
+            console.log('  secrets show            View secrets (masked)');
+            console.log('  secrets key             Generate encryption key');
+            console.log('  secrets create          Create new .env file');
             console.log('');
             console.log('🔄 Automation (Schedule secret rotation):');
             console.log('  lib cron add            Schedule automatic tasks');
@@ -86,14 +86,17 @@ program
             console.log('  lib daemon start        Start persistent daemon');
             console.log('');
             console.log('🚀 Quick Start:');
-            console.log('  lsh lib secrets key                   # Generate encryption key');
-            console.log('  lsh lib secrets push --env dev        # Push your secrets');
-            console.log('  lsh lib secrets pull --env dev        # Pull on another machine');
+            console.log('  lsh secrets key                   # Generate encryption key');
+            console.log('  lsh secrets push --env dev        # Push your secrets');
+            console.log('  lsh secrets pull --env dev        # Pull on another machine');
             console.log('');
             console.log('📚 More Commands:');
             console.log('  lib api                 API server management');
             console.log('  lib supabase            Supabase database management');
+            console.log('  lib daemon              Daemon management');
+            console.log('  lib cron                Cron job management');
             console.log('  self                    Self-management commands');
+            console.log('  self zsh                ZSH compatibility commands');
             console.log('  -i, --interactive       Start interactive shell');
             console.log('  --help                  Show all options');
             console.log('');
@@ -137,8 +140,10 @@ program
         process.exit(1);
     }
 });
-// ZSH compatibility subcommand
-program
+// Self-management commands
+program.addCommand(selfCommand);
+// ZSH compatibility commands (under self)
+selfCommand
     .command('zsh')
     .description('ZSH compatibility commands')
     .option('--migrate', 'Migrate ZSH configuration to LSH')
@@ -153,8 +158,6 @@ program
         process.exit(1);
     }
 });
-// Self-management commands
-program.addCommand(selfCommand);
 // Help subcommand
 program
     .command('help')
@@ -216,8 +219,9 @@ function findSimilarCommands(input, validCommands) {
     await init_supabase(libCommand);
     await init_daemon(libCommand);
     await init_cron(libCommand);
-    await init_secrets(libCommand);
     registerApiCommands(libCommand);
+    // Secrets as top-level command
+    await init_secrets(program);
     // Self-management commands with nested utilities
     registerZshImportCommands(selfCommand);
     registerThemeCommands(selfCommand);
@@ -573,10 +577,10 @@ function showDetailedHelp() {
     console.log('  -V, --version          Show version');
     console.log('');
     console.log('Subcommands:');
+    console.log('  secrets                 Secrets management (primary feature)');
     console.log('  repl                    JavaScript REPL interactive shell');
     console.log('  script <file>           Execute shell script');
     console.log('  config                  Manage configuration');
-    console.log('  zsh                     ZSH compatibility commands');
     console.log('  help                    Show detailed help');
     console.log('');
     console.log('Self-Management (lsh self <command>):');
@@ -584,6 +588,7 @@ function showDetailedHelp() {
     console.log('  self version            Show version information');
     console.log('  self uninstall          Uninstall LSH from system');
     console.log('  self theme              Manage themes (import Oh-My-Zsh themes)');
+    console.log('  self zsh                ZSH compatibility commands');
     console.log('  self zsh-import         Import ZSH configs (aliases, functions, exports)');
     console.log('');
     console.log('Library Commands (lsh lib <command>):');
@@ -593,7 +598,6 @@ function showDetailedHelp() {
     console.log('  lib daemon job          Job management');
     console.log('  lib daemon db           Database integration');
     console.log('  lib cron                Cron job management');
-    console.log('  lib secrets             Secrets management');
     console.log('');
     console.log('Examples:');
     console.log('');
@@ -617,13 +621,17 @@ function showDetailedHelp() {
     console.log('    lsh self theme import robbyrussell  # Import Oh-My-Zsh theme');
     console.log('    lsh self zsh-import aliases         # Import ZSH aliases');
     console.log('');
+    console.log('  Secrets Management:');
+    console.log('    lsh secrets sync                    # Check sync status');
+    console.log('    lsh secrets push                    # Push secrets to cloud');
+    console.log('    lsh secrets pull                    # Pull secrets from cloud');
+    console.log('    lsh secrets list                    # List environments');
+    console.log('');
     console.log('  Library Services:');
     console.log('    lsh lib daemon start                # Start daemon');
     console.log('    lsh lib daemon status               # Check daemon status');
     console.log('    lsh lib daemon job list             # List all jobs');
     console.log('    lsh lib cron list                   # List cron jobs');
-    console.log('    lsh lib secrets push                # Push secrets to cloud');
-    console.log('    lsh lib secrets list                # List environments');
     console.log('    lsh lib api start                   # Start API server');
     console.log('    lsh lib api key                     # Generate API key');
     console.log('');

package/dist/lib/secrets-manager.js

@@ -117,6 +117,11 @@ export class SecretsManager {
         if (!fs.existsSync(envFilePath)) {
             throw new Error(`File not found: ${envFilePath}`);
         }
+        // Validate filename pattern for custom files
+        const filename = path.basename(envFilePath);
+        if (filename !== '.env' && !filename.startsWith('.env.')) {
+            throw new Error(`Invalid filename: ${filename}. Must be '.env' or start with '.env.'`);
+        }
         // Warn if using default key
         if (!process.env.LSH_SECRETS_KEY) {
             logger.warn('⚠️  Warning: No LSH_SECRETS_KEY set. Using machine-specific key.');
@@ -129,9 +134,10 @@ export class SecretsManager {
         const env = this.parseEnvFile(content);
         // Encrypt entire .env content
         const encrypted = this.encrypt(content);
-        // Store in Supabase (using job system for now)
+        // Include filename in job_id for tracking multiple .env files
+        const safeFilename = filename.replace(/[^a-zA-Z0-9._-]/g, '_');
         const secretData = {
-            job_id: `secrets_${environment}_${Date.now()}`,
+            job_id: `secrets_${environment}_${safeFilename}_${Date.now()}`,
             command: 'secrets_sync',
             status: 'completed',
             output: encrypted,
@@ -140,20 +146,31 @@ export class SecretsManager {
             working_directory: process.cwd(),
         };
         await this.persistence.saveJob(secretData);
-        logger.info(`✅ Pushed ${Object.keys(env).length} secrets to Supabase`);
+        logger.info(`✅ Pushed ${Object.keys(env).length} secrets from ${filename} to Supabase`);
     }
     /**
      * Pull .env from Supabase
      */
     async pull(envFilePath = '.env', environment = 'dev', force = false) {
-        logger.info(`Pulling ${environment} secrets from Supabase...`);
-        // Get latest secrets
+        // Validate filename pattern for custom files
+        const filename = path.basename(envFilePath);
+        if (filename !== '.env' && !filename.startsWith('.env.')) {
+            throw new Error(`Invalid filename: ${filename}. Must be '.env' or start with '.env.'`);
+        }
+        logger.info(`Pulling ${filename} (${environment}) from Supabase...`);
+        // Get latest secrets for this specific file
         const jobs = await this.persistence.getActiveJobs();
+        const safeFilename = filename.replace(/[^a-zA-Z0-9._-]/g, '_');
         const secretsJobs = jobs
-            .filter(j => j.command === 'secrets_sync' && j.job_id.includes(environment))
+            .filter(j => {
+            // Match secrets for this environment and filename
+            return j.command === 'secrets_sync' &&
+                j.job_id.includes(environment) &&
+                j.job_id.includes(safeFilename);
+        })
             .sort((a, b) => new Date(b.started_at).getTime() - new Date(a.started_at).getTime());
         if (secretsJobs.length === 0) {
-            throw new Error(`No secrets found for environment: ${environment}`);
+            throw new Error(`No secrets found for file '${filename}' in environment: ${environment}`);
         }
         const latestSecret = secretsJobs[0];
         if (!latestSecret.output) {
@@ -179,13 +196,57 @@ export class SecretsManager {
         const secretsJobs = jobs.filter(j => j.command === 'secrets_sync');
         const envs = new Set();
         for (const job of secretsJobs) {
-            const match = job.job_id.match(/secrets_(.+?)_\d+/);
+            // Updated regex to handle new format with filename
+            const match = job.job_id.match(/secrets_([^_]+)_/);
             if (match) {
                 envs.add(match[1]);
             }
         }
         return Array.from(envs).sort();
     }
+    /**
+     * List all tracked .env files
+     */
+    async listAllFiles() {
+        const jobs = await this.persistence.getActiveJobs();
+        const secretsJobs = jobs.filter(j => j.command === 'secrets_sync');
+        // Group by environment and filename to get latest of each
+        const fileMap = new Map();
+        for (const job of secretsJobs) {
+            // Parse job_id: secrets_${environment}_${safeFilename}_${timestamp}
+            const parts = job.job_id.split('_');
+            if (parts.length >= 3 && parts[0] === 'secrets') {
+                const environment = parts[1];
+                // Handle both old and new format
+                let filename = '.env';
+                if (parts.length >= 4) {
+                    // New format with filename
+                    const timestamp = parts[parts.length - 1];
+                    // Reconstruct filename from middle parts
+                    const filenameParts = parts.slice(2, -1);
+                    if (filenameParts.length > 0) {
+                        // Convert underscores back to dots for the extension
+                        filename = filenameParts.join('_');
+                        // Fix the extension dots that were replaced
+                        filename = filename.replace(/^env_/, '.env.');
+                        if (filename === 'env') {
+                            filename = '.env';
+                        }
+                    }
+                }
+                const key = `${environment}_${filename}`;
+                const existing = fileMap.get(key);
+                if (!existing || new Date(job.completed_at || job.started_at) > new Date(existing.updated)) {
+                    fileMap.set(key, {
+                        filename,
+                        environment,
+                        updated: new Date(job.completed_at || job.started_at).toLocaleString()
+                    });
+                }
+            }
+        }
+        return Array.from(fileMap.values()).sort((a, b) => a.filename.localeCompare(b.filename) || a.environment.localeCompare(b.environment));
+    }
     /**
      * Show secrets (masked)
      */

package/dist/services/secrets/secrets.js

@@ -48,9 +48,24 @@ export async function init_secrets(program) {
         .command('list [environment]')
         .alias('ls')
         .description('List all stored environments or show secrets for specific environment')
-        .action(async (environment) => {
+        .option('--all-files', 'List all tracked .env files across environments')
+        .action(async (environment, options) => {
         try {
             const manager = new SecretsManager();
+            // If --all-files flag is set, list all tracked files
+            if (options.allFiles) {
+                const files = await manager.listAllFiles();
+                if (files.length === 0) {
+                    console.log('No .env files found. Push your first file with: lsh secrets push --file <filename>');
+                    return;
+                }
+                console.log('\n📦 Tracked .env files:\n');
+                for (const file of files) {
+                    console.log(`  • ${file.filename} (${file.environment}) - Last updated: ${file.updated}`);
+                }
+                console.log();
+                return;
+            }
             // If environment specified, show secrets for that environment
             if (environment) {
                 await manager.show(environment);
@@ -187,6 +202,95 @@ API_KEY=
             process.exit(1);
         }
     });
+    // Get a specific secret value
+    secretsCmd
+        .command('get <key>')
+        .description('Get a specific secret value from .env file')
+        .option('-f, --file <path>', 'Path to .env file', '.env')
+        .action(async (key, options) => {
+        try {
+            const envPath = path.resolve(options.file);
+            if (!fs.existsSync(envPath)) {
+                console.error(`❌ File not found: ${envPath}`);
+                process.exit(1);
+            }
+            const content = fs.readFileSync(envPath, 'utf8');
+            const lines = content.split('\n');
+            for (const line of lines) {
+                if (line.trim().startsWith('#') || !line.trim())
+                    continue;
+                const match = line.match(/^([^=]+)=(.*)$/);
+                if (match && match[1].trim() === key) {
+                    let value = match[2].trim();
+                    // Remove quotes if present
+                    if ((value.startsWith('"') && value.endsWith('"')) ||
+                        (value.startsWith("'") && value.endsWith("'"))) {
+                        value = value.slice(1, -1);
+                    }
+                    console.log(value);
+                    return;
+                }
+            }
+            console.error(`❌ Key '${key}' not found in ${options.file}`);
+            process.exit(1);
+        }
+        catch (error) {
+            console.error('❌ Failed to get secret:', error.message);
+            process.exit(1);
+        }
+    });
+    // Set a specific secret value
+    secretsCmd
+        .command('set <key> <value>')
+        .description('Set a specific secret value in .env file')
+        .option('-f, --file <path>', 'Path to .env file', '.env')
+        .action(async (key, value, options) => {
+        try {
+            const envPath = path.resolve(options.file);
+            // Validate key format
+            if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) {
+                console.error(`❌ Invalid key format: ${key}. Must be a valid environment variable name.`);
+                process.exit(1);
+            }
+            let content = '';
+            let found = false;
+            if (fs.existsSync(envPath)) {
+                content = fs.readFileSync(envPath, 'utf8');
+                const lines = content.split('\n');
+                const newLines = [];
+                for (const line of lines) {
+                    if (line.trim().startsWith('#') || !line.trim()) {
+                        newLines.push(line);
+                        continue;
+                    }
+                    const match = line.match(/^([^=]+)=(.*)$/);
+                    if (match && match[1].trim() === key) {
+                        // Quote values with spaces or special characters
+                        const needsQuotes = /[\s#]/.test(value);
+                        const quotedValue = needsQuotes ? `"${value}"` : value;
+                        newLines.push(`${key}=${quotedValue}`);
+                        found = true;
+                    }
+                    else {
+                        newLines.push(line);
+                    }
+                }
+                content = newLines.join('\n');
+            }
+            // If key wasn't found, append it
+            if (!found) {
+                const needsQuotes = /[\s#]/.test(value);
+                const quotedValue = needsQuotes ? `"${value}"` : value;
+                content = content.trimRight() + `\n${key}=${quotedValue}\n`;
+            }
+            fs.writeFileSync(envPath, content, 'utf8');
+            console.log(`✅ Set ${key} in ${options.file}`);
+        }
+        catch (error) {
+            console.error('❌ Failed to set secret:', error.message);
+            process.exit(1);
+        }
+    });
     // Delete .env file with confirmation
     secretsCmd
         .command('delete')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lsh-framework",
-  "version": "0.7.0",
+  "version": "0.8.1",
   "description": "Encrypted secrets manager with automatic rotation, team sync, and multi-environment support. Built on a powerful shell with daemon scheduling and CI/CD integration.",
   "main": "dist/app.js",
   "bin": {
@@ -104,15 +104,10 @@
     "ink-text-input": "^5.0.1",
     "inquirer": "^9.2.12",
     "ioredis": "^5.8.0",
-    "jest": "^29.7.0",
     "jsonwebtoken": "^9.0.2",
     "lodash": "^4.17.21",
-    "mocha": "^10.3.0",
-    "ncc": "^0.3.6",
-    "nexe": "^4.0.0-rc.2",
     "node-cron": "^3.0.3",
     "node-fetch": "^3.3.2",
-    "nodemon": "^3.0.1",
     "ora": "^8.0.1",
     "path": "^0.12.7",
     "pg": "^8.16.3",
@@ -122,7 +117,6 @@
     "socket.io": "^4.8.1",
     "uuid": "^10.0.0",
     "xstate": "^5.9.1",
-    "zapier-platform-core": "15.4.1",
     "zx": "^7.2.3"
   },
   "devDependencies": {
@@ -141,8 +135,14 @@
     "eslint": "^9.36.0",
     "eslint-plugin-react": "^7.37.5",
     "eslint-plugin-react-hooks": "^5.2.0",
+    "jest": "^29.7.0",
+    "mocha": "^10.3.0",
+    "ncc": "^0.3.6",
+    "nexe": "^4.0.0-rc.2",
+    "nodemon": "^3.0.1",
     "supertest": "^7.1.4",
     "ts-jest": "^29.2.5",
-    "typescript": "^5.4.5"
+    "typescript": "^5.4.5",
+    "zapier-platform-core": "15.4.1"
   }
 }

package/dist/services/api/api.js

@@ -1,58 +0,0 @@
-import AsyncLock from 'async-lock';
-import request from 'request';
-import { CONFIG } from './config.js';
-import { FILE } from './file.js';
-const semaphore = new AsyncLock();
-let pkgId;
-export const makePOSTRequest = async (typeName, method, data, onSuccess) => {
-    console.log("makePostRequest");
-    const url = CONFIG.URL + '/api/8' + '/' + typeName + '/' + method;
-    console.log(url);
-    // Prevent parallel writes/deletions
-    return semaphore.acquire('request', (done) => {
-        return request.post(url, {
-            method: 'POST',
-            body: data,
-            json: true,
-            headers: {
-                Authorization: CONFIG.AUTH_TOKEN,
-            },
-        }, (err, response, body) => {
-            console.log(body);
-            onSuccess?.(response);
-            done();
-        });
-    });
-};
-const getMetadataPath = (path) => {
-    console.log("getMetadataPath");
-    return path.substring(path.indexOf(CONFIG.PATH_TO_PACKAGE_REPO) + CONFIG.PATH_TO_PACKAGE_REPO.length);
-};
-const getPkgId = async () => {
-    console.log("getPkgId");
-    if (pkgId) {
-        return pkgId;
-    }
-    await makePOSTRequest('Pkg', 'inst', ['Pkg'], (body) => {
-        pkgId = body;
-    });
-    return pkgId;
-};
-const _writeContent = async (path) => {
-    console.log("writeContent");
-    const pkgId = await getPkgId();
-    const metadataPath = getMetadataPath(path);
-    const content = FILE.encodeContent(path);
-    if (await content === FILE.NO_CHANGE_TO_FILE) {
-        return;
-    }
-    return makePOSTRequest('Pkg', 'writeContent', [pkgId, metadataPath, {
-            type: 'ContentValue',
-            content,
-        }], () => console.log("Success"));
-};
-const _deleteContent = async (path) => {
-    const pkgId = await getPkgId();
-    const metadataPath = getMetadataPath(path);
-    return makePOSTRequest('Pkg', 'deleteContent', [pkgId, metadataPath, true], () => console.log("deleted!"));
-};